F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Add a local user and enter local user view.
  Command: local-user user-name [ vd vd-name ]
  Remarks: By default, the local user named admin exists.

Step 3. Configure a password for the local user.
  Command: password [ { cipher | simple } password ]
  Remarks: Optional.
    If you do not configure any password for a local user, the local user does not need to provide any password during authentication, and can pass authentication after entering the correct local user name and passing attribute checks. To achieve high security, configure a password for each local user.
    In FIPS mode, this command is not available, and you must use the password-control command to set a password for a local user.

Step 4. Assign service types for the local user.
  Command: service-type { dvpn | ftp | { ssh | telnet | terminal } * | portal | ppp | web }
  Remarks: By default, no service is authorized to a local user.
    Support for dvpn and portal keywords depends on the device model. For more information, see Access Control Command Reference.
    The ftp and telnet keywords are not available for FIPS mode.

Step 5. Place the local user to the active or blocked state.
  Command: state { active | block }
  Remarks: Optional.
    By default, a created local user is in active state and can request network services.

Step 6. Set the maximum number of concurrent users of the local user account.
  Command: access-limit max-user-number
  Remarks: Optional.
    By default, there is no limit to the maximum number of concurrent users of a local user account.
    The limit is effective only for local accounting, and is not effective for FTP users.

Step 7. Configure password control attributes for the local user.
  Command:
    • Set the password aging time:
      password-control aging aging-time
    • Set the minimum password length:
      password-control length length
    • Configure the password composition policy:
      password-control composition type-number type-number [ type-length type-length ]
  Remarks: Optional.
    By default, the local user uses password control attributes of the user group to which the local user belongs, and uses the global setting for any password control attribute that is not configured in the user group. The global settings include a 90-day password aging time, a minimum password length of 10 characters, and at least one password composition type and at least one character required for each password composition type.
    The password must contain at least 8 characters.
    In FIPS mode, the composition type-number must be 4.

Step 8. Configure binding attributes for the local user.
  Command: bind-attribute { call-number call-number [ : subcall-number ] | ip ip-address } *
  Remarks: Optional.
    By default, no binding attribute is configured for a local user.
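
An added example, not from the HP guide: a Python check that reads saved local-user settings and flags the conditions the remarks above call out (no password configured outside FIPS mode; ftp or telnet service types, or a composition type-number other than 4, in FIPS mode). The stanza layout, the sample configuration, and the function names parse_local_users and audit are assumptions made for this illustration.

```python
import re

# Constructed sample; assumed layout: "local-user <name>" then indented attribute lines.
SAMPLE_CONFIG = """\
local-user admin
 password cipher EXAMPLE-CIPHERTEXT
 service-type ssh terminal
 password-control composition type-number 4 type-length 1
local-user backup
 service-type ftp
local-user ops
 password cipher EXAMPLE-CIPHERTEXT
 service-type ssh telnet
 password-control composition type-number 2
"""

def parse_local_users(text):
    """Return {user-name: [attribute lines]} for every local-user stanza."""
    users, current = {}, None
    for line in text.splitlines():
        if line.startswith("local-user "):
            current = users.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the stanza
    return users

def audit(text, fips=False):
    """Check each local user against the remarks in the table above."""
    findings = []
    for name, attrs in parse_local_users(text).items():
        if not fips:
            # FIPS mode sets passwords with password-control, so skip this check there.
            if not any(a.startswith("password ") for a in attrs):
                findings.append((name, "no password configured: authentication "
                                       "needs only the user name and attribute checks"))
            continue
        services = {w for a in attrs if a.startswith("service-type ") for w in a.split()[1:]}
        for svc in sorted(services & {"ftp", "telnet"}):
            findings.append((name, f"service-type {svc} is not available in FIPS mode"))
        for a in attrs:
            m = re.match(r"password-control composition type-number (\d+)", a)
            if m and m.group(1) != "4":
                findings.append((name, "FIPS mode requires composition type-number 4"))
    return findings

if __name__ == "__main__":
    for user, issue in audit(SAMPLE_CONFIG) + audit(SAMPLE_CONFIG, fips=True):
        print(f"{user}: {issue}")
```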